Embed Size (px)
Citation preview
Systemic Cyber Risk and Exposure of the Insurance IndustryRon Bushar, VP, FireEye Professional Services
Christopher Porter, Chief Intelligent Strategist
©2018 FireEye | Private & Confidential
Data Loss Filtering
URL Filtering
Anti-spam, Anti-spyware Anti-malware
Trojans
Worms,BotsSpyware
Spam
Grey-listingBehavioral
Analysis
Heuristics
Whitelisting
Rootkits
PhishingZero-days
1990s 2000s 2010s
Offe
nse
Today
Def
ense
The Problem
Opportunistic Targeted
Detonation Chambers
Orchestration
APTsMelissa
CodeRed
Birth of Anti-virus
Mobile Threats
IoTThreats
Anti-spam
Anti-malware
Automation
Intelligence
Ransom-ware
©2018 FireEye | Private & Confidential
How Good Do You Need To Be?
SECURITY CAPABILITY
SOPH
ISTIC
ATIO
N O
F TH
E TH
REA
T
TOOLS-BASED
INTEGRATED FRAMEWORK
ADAPTIVE DEFENSE
RESILIENT
CONVENTIONAL THREATS
STANDARD CYBERCRIME
COMPLIANTORGANIZED CYBERCRIME
NATION-STATE THREATS
©2018 FireEye | Private & Confidential
Background: Why Cybersecurity Risk Management?
4
Old methods don’t work
Need to engage at Board-level
Rapid growth in cyber insurance market
Source: Cyber Balance Sheet - https://focal-
point.com/insights/cyber-balance-sheet
$14BExpectation
globally, by 2022, a 28% CAGR from
2016 – 2022.Source:
https://www.alliedmarketresearch.com/press-release/cyber-insurance-market.html
©2018 FireEye | Private & Confidential
Risk Services Objectives
◆Help the CISO / CIO communicate business risk at the Board-level.
◆Help client security operations use risk management techniques in practice.
◆ How do you communicate the scale of the risk to stakeholders across the team?
◆ What organizational steps does your team use to reduce risk?
▶ Examples - mapping key assets and putting contingency plans in place.
◆ How can you financially transfer these risks?
5
©2018 FireEye | Private & Confidential
Intelligence-led security is about risk management◆ What should organizations be doing to benefit from intelligence-led security?
◆ Companies need real-time adversary analysis before an incident.
◆ Understanding the risks, what informational assets (and asset value) an organization has, and where those assets are located.
◆ Who at the company is responsibility for assessing and mitigating breach-related risks? Not just the chief information security officer (CISO).
◆Cyber Team should consist of internal stakeholders as well as outside partners like law firms, insurance experts & Forensic teams like Mandiant.
6
©2018 FireEye | Private & Confidential
Defining your risk impactacross the organization
Cyber is not just an IT issue.
It is an enterprise riskthat impacts many key stakeholders within your organization.
CYBER RISK:EVERYONE
HAS A STAKE
7
©2018 FireEye | Private & Confidential
Where should I start?
◆Incident response plans?
◆Has your team done a table-top exercise?
▶ Both technical & executives should participate.
◆Practice and include your outside partners.
▶ This is a working document, so update the plan after practice.
◆ Once you’ve identified gaps, create action plans to eliminate them.
8
©2018 FireEye | Private & Confidential
Breach Response Hot Topics
◆Having a communications playbook
◆Dealing with Brian Krebs
◆The right mitigation product (credit monitoring and others)
◆The “b” word
◆Notification timelines & expectations
◆Your plans (not just Incident Response plans)
◆Breach response goals vs. risks
9
©2018 FireEye | Private & Confidential
10
Identify & Track the
“Relevant Threats”
Assess attack surface &
cyber defensecapabilities
Measure business risk &
plan investments
Harden attack surface
Resilience
How does the adversary view your organization?
Optimize decision-making with risk-led security
• Threat Diagnostic
• Compromise Assessment
• CTIS Threat Profile
• Response Readiness Assessment
• Security Program Assessment• M&A Assessment• Pen Testing & Red Team
• Risk Services
Services• Cyber Defense Center• IR Retainer• Cyber Threat Intelligence Services (CTIS)• Table-top Exercise• Industrial Control Systems• Managed Defense• FireEye iSight IntelligenceProducts• FireEye Helix• FireEye Threat Analytics• FireEye Network Security• FireEye Endpoint Security• FireEye Email Security
Transformation Services
Achieve Resilience by focusing on the “Relevant Threats”; “Buy Down” Cybersecurity Risk by Optimizing Investment in Countermeasures
©2018 FireEye | Private & Confidential
Identify & Track the “Relevant Threats”
11
Your Organization
Line of Business 1
Line of Business 2
Line of Business 3
Line of Business 4
Line of Business 5
Line of Business 6
Use threat diagnostics or iSight Intelligence to inform and guide.
©2018 FireEye | Private & Confidential
Measure Business Risk and Plan Investments
Probability x Impact x Vulnerability = Risk
12
Old MethodNew Method
Reliable measures of risk cannot be derived from a simple
equation…
Optimize by relying on risk models appropriate to your organization. Allow for inclusion of
multiple risk factors.
Threat
CapabilityCountermeasure
Strength
Threat
Frequency Value at Risk
Risk Models
©2018 FireEye | Private & Confidential
2018and beyond...
More destructive attacks Attribution will become more important Attacks will continue to align with global conflicts More reliance on cloud infrastructure (both victims and attackers) Cyber security will continue to be a national focus More and more sophisticated threat actors will emerge More government involvement Intelligence and sharing are critical to stay ahead of the threats Attacks against safety control systems
©2018 FireEye | Private & Confidential
Insurance a Top Finance-sector Target
21
24
72
3
8
4
18
7
8
0 10 20 30 40 50 60 70 80
INSURE
INVEST
BANKSCREDUNIONS
BROKERAGES
CREDIT CARDS
EXCHANGETRADE
FINTRANSACT
LEND
REALESTATE
Detected Activity by Subsector
©2018 FireEye | Private & Confidential
16%
27%
5%5%
5%5%
32%
5%
Investment Targeting by Actor
APT1
APT19
APT29
APT33
APT34
FIN4
FIN7
FIN9
We look forward to working with you.Thank you.
